Roman
Drahtmueller To: Murat Koc
There is sometimes a problem, logging into our two SuSE 7.0 (SMP) machines. Trying to log in with telnet procudes the following error Message: "telnetd: all network ports in use" In such a case it is not possible to log into the machine for several hours. Is this because of a portscan an anything else? Did anyone have a similar Problem?
Be sure that you compiled the kernel with "Unix98 PTY support" and "/dev/pts file system for Unix98 PTYs" options enabled.
or add a line in your /etc/fstab
none /dev/pts devpts mode=0620 0 0
The devpts filesystem gets mounted by /sbin/init.d/boot at boot time on SuSE distributions and are not listed in the fstab. It shouldn't matter if it shows up there, though.
Nevertheless, this doesn't seem to be the problem here. It more or less looks like this machine has been under attack so that all available sockets have been used up. In particular, it seems to have been a SYN flood attack. There is no efficient countermeasure against this other than pulling the plug. <snip>
What about SYN cookies? Or would it help to adjust values in /proc/sys/net/ipv4/tcp_syn_retries resp /proc/sys/net/ipv4/ tcp_max_syn_backlog? Or the upstream ISP starts limiting max SYN packets rate? cheers Chr. Burri